What happened?

When deploying an aws.iot.policy, I get the following error

* error updating IoT Policy (my_policy): VersionsLimitExceededException: The policy my_policy already has the maximum number of versions (5)

This is "normal," as I have the maximum historical version (5) for this policy. Still, it blocks automatic deployment unless I manually intervene and delete a version with CLI, Boto or web console.

The above error was printed once; the subsequent run marked the update as successful even though nothing was updated in the cloud.

Expected Behavior

I would expect the resource to roll the historical version (deleting the oldest in favour of the new one I am pushing), or give the option to do so on the resource creation. Any other solution that would allow me not to intervene manually to unblock the deployment would be good as well.

Should it not be possible to roll the versions forward, I would expect the error output to be consistent and report the appropriate end state of the deployment (no resource has been modified), not to intervene manually.

Steps to reproduce

Create an aws.iot.policy resource, update the resource 5 times, the 6th time will fail

Output of pulumi about

Version      3.52.1
Go Version   go1.19.5
Go Compiler  gc

aws     4.38.1
python  unknown

OS       debian
Version  parrot
Arch     x86_64

This project is written in python: executable='/home/<user>/.pyenv/shims/python3' version='3.10.4

Name           pulumi.com
URL            https://app.pulumi.com/<user>
User           <user>
Organizations  <user>, <my_org>

NAME               VERSION
pip                21.3.1
pulumi-aws         4.38.1
setuptools         58.5.2
<custome_lib>  0.5.0
wheel              0.37.0

Pulumi locates its logs in /tmp by default

Information in <> is obfuscated

Additional context

Many Thanks for the help :D


Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
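
The manual step the report mentions (deleting a version with Boto before redeploying) can be scripted. The following is an added example, not code from the issue or from either provider: the names `prune_oldest_policy_version`, `FakeIotClient` and `sample_versions` are hypothetical, and the version data is constructed so the block runs without AWS access.

```python
from datetime import datetime, timezone

MAX_POLICY_VERSIONS = 5  # limit quoted in the VersionsLimitExceededException above


def prune_oldest_policy_version(iot, policy_name, limit=MAX_POLICY_VERSIONS):
    """Delete the oldest non-default version if the policy is at the limit.

    `iot` is a boto3 IoT client (or any object with the same two methods).
    Returns the deleted versionId, or None when nothing had to be removed.
    """
    versions = iot.list_policy_versions(policyName=policy_name)["policyVersions"]
    if len(versions) < limit:
        return None
    # The default (active) version cannot be deleted, so never pick it.
    candidates = [v for v in versions if not v["isDefaultVersion"]]
    if not candidates:
        return None
    oldest = min(candidates, key=lambda v: v["createDate"])
    iot.delete_policy_version(policyName=policy_name,
                              policyVersionId=oldest["versionId"])
    return oldest["versionId"]


class FakeIotClient:
    """Constructed in-memory stand-in so the example runs without AWS access."""

    def __init__(self, versions):
        self.versions = versions

    def list_policy_versions(self, policyName):
        return {"policyVersions": list(self.versions)}

    def delete_policy_version(self, policyName, policyVersionId):
        self.versions = [v for v in self.versions if v["versionId"] != policyVersionId]


def sample_versions(count, default_id):
    # Constructed sample data: version N was created on day N of January 2023.
    return [{"versionId": str(n), "isDefaultVersion": str(n) == default_id,
             "createDate": datetime(2023, 1, n, tzinfo=timezone.utc)}
            for n in range(1, count + 1)]


if __name__ == "__main__":
    # Against a real account: import boto3; iot = boto3.client("iot")
    iot = FakeIotClient(sample_versions(5, default_id="5"))
    print("deleted version:", prune_oldest_policy_version(iot, "my_policy"))
```

Run as a pre-deploy step, this frees one slot only when the policy is already at the limit, and it records which version was removed so the deletion can be logged.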


First time contributor high five ✋ In general, this provider acts as an adapter for the upstream provider, and the behaviour here is set by the upstream. Sure enough, there is a bug there for exactly the same problem: https://github.com/hashicorp/terraform-provider-aws/issues/24979. So this is a reasonable expectation and you are not alone in thinking so :-)

There is more scope in the AWS "native" provider, which maps directly to AWS APIs, to change the behaviour. I've created https://github.com/pulumi/pulumi-aws-native/issues/792 to see if it can be implemented there.


awesome, I'll be following both issues, Thank you!
